lol

Merge #8897: AppArmor updates

+152 -288
-183
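--- a/pkgs/os-specific/linux/apparmor/2.9/default.nix
+++ b/pkgs/os-specific/linux/apparmor/2.9/default.nix
@@ -1,183 +0,0 @@
-{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which
-, glibc, flex, bison, python27, swig, dbus, pam
-}:
-
-let
-apparmor-series = "2.9";
-apparmor-patchver = "2";
-apparmor-version = "${apparmor-series}.${apparmor-patchver}";
-
-apparmor-meta = component: with stdenv.lib; {
-homepage = http://apparmor.net/;
-description = "Linux application security system - ${component}";
-license = licenses.gpl2;
-maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
-platforms = platforms.linux;
-};
-
-apparmor-sources = fetchurl {
-url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
-sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh";
-};
-
-prePatchCommon = ''
-substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
-substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
-substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
-substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
-'';
-
-libapparmor = stdenv.mkDerivation {
-name = "libapparmor-${apparmor-version}";
-src = apparmor-sources;
-
-buildInputs = [
-autoconf
-automake
-bison
-flex
-dbus # requires patch to dbus ...
-glibc
-libtool
-perl
-pkgconfig
-python27
-swig
-which
-];
-
-prePatch = prePatchCommon + ''
-substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
-substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
-'';
-
-buildPhase = ''
-cd ./libraries/libapparmor
-./autogen.sh
-./configure --prefix="$out" --with-python --with-perl
-make
-'';
-
-installPhase = ''
-make install
-'';
-
-meta = apparmor-meta "library";
-};
-
-apparmor-utils = stdenv.mkDerivation {
-name = "apparmor-utils-${apparmor-version}";
-src = apparmor-sources;
-
-buildInputs = [
-python27
-libapparmor
-which
-];
-
-prePatch = prePatchCommon;
-
-buildPhase = ''
-cd ./utils
-make LANGS=""
-'';
-
-installPhase = ''
-make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX=""
-'';
-
-meta = apparmor-meta "user-land utilities";
-};
-
-apparmor-parser = stdenv.mkDerivation {
-name = "apparmor-parser-${apparmor-version}";
-src = apparmor-sources;
-
-buildInputs = [
-libapparmor
-bison
-flex
-which
-];
-
-prePatch = prePatchCommon + ''
-substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
-substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
-substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
-## techdoc.pdf still doesn't build ...
-substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
-'';
-
-buildPhase = ''
-cd ./parser
-make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include
-'';
-
-installPhase = ''
-make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown"
-'';
-
-meta = apparmor-meta "rule parser";
-};
-
-apparmor-pam = stdenv.mkDerivation {
-name = "apparmor-pam-${apparmor-version}";
-src = apparmor-sources;
-
-buildInputs = [
-libapparmor
-pam
-pkgconfig
-which
-];
-
-buildPhase = ''
-cd ./changehat/pam_apparmor
-make USE_SYSTEM=1
-'';
-
-installPhase = ''
-make install DESTDIR="$out"
-'';
-
-meta = apparmor-meta "PAM service";
-};
-
-apparmor-profiles = stdenv.mkDerivation {
-name = "apparmor-profiles-${apparmor-version}";
-src = apparmor-sources;
-
-buildInputs = [ which ];
-
-buildPhase = ''
-cd ./profiles
-make
-'';
-
-installPhase = ''
-make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles"
-'';
-
-meta = apparmor-meta "profiles";
-};
-
-apparmor-kernel-patches = stdenv.mkDerivation {
-name = "apparmor-kernel-patches-${apparmor-version}";
-src = apparmor-sources;
-
-phases = ''unpackPhase installPhase'';
-
-installPhase = ''
-mkdir "$out"
-cp -R ./kernel-patches "$out"
-'';
-
-meta = apparmor-meta "kernel patches";
-};
-
-in
-
-{
-inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
-apparmor-profiles apparmor-kernel-patches;
-}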
-16
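--- a/pkgs/os-specific/linux/apparmor/capability.patch
+++ b/pkgs/os-specific/linux/apparmor/capability.patch
@@ -1,16 +0,0 @@
-Description: allow parser to build even when not on Linux.
-Author: Kees Cook <kees@debian.org>
-
-Index: apparmor-debian/common/Make.rules
-===================================================================
---- apparmor-debian.orig/common/Make.rules 2012-05-05 14:41:25.967259523 -0700
-+++ apparmor-debian/common/Make.rules 2012-05-05 14:41:28.451291053 -0700
-@@ -160,7 +160,7 @@
-CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
-
-.PHONY: list_capabilities
--list_capabilities: /usr/include/linux/capability.h
-+list_capabilities:
-@echo "$(CAPABILITIES)"
-
-# =====================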
+146 -77
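--- a/pkgs/os-specific/linux/apparmor/default.nix
+++ b/pkgs/os-specific/linux/apparmor/default.nix
@@ -1,98 +1,167 @@
-{ stdenv, fetchurl
-, autoconf, automake, libtool, makeWrapper
-, perl, bison, flex, glibc, gettext, which, rpm, LocaleGettext
-, bash, pam, TermReadKey, RpcXML, swig, python}:
-stdenv.mkDerivation rec {
+{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which
+, glibc, flex, bison, python27Packages, swig, pam
+}:
 
-name = "apparmor-${version}";
-version = "2.8.4";
+let
+apparmor-series = "2.10";
+apparmor-version = apparmor-series;
 
-src = fetchurl {
-url = "http://launchpad.net/apparmor/2.8/${version}/+download/${name}.tar.gz";
-sha256 = "1mki4c44ljmr7dpn55grzn33929kdjx149jx00s80yp1war83jwq";
+apparmor-meta = component: with stdenv.lib; {
+homepage = http://apparmor.net/;
+description = "Linux application security system - ${component}";
+license = licenses.gpl2;
+maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
+platforms = platforms.linux;
 };
 
-buildInputs = [
-autoconf automake libtool perl bison flex gettext which rpm
-LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ];
+apparmor-sources = fetchurl {
+url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
+sha256 = "1x06qmmbha9krx7880pxj2k3l8fxy3nm945xjjv735m2ax1243jd";
+};
 
-prePatch = ''
-substituteInPlace libraries/libapparmor/src/Makefile.in --replace "/usr/include" "${glibc}/include"
-substituteInPlace libraries/libapparmor/src/Makefile.am --replace "/usr/include" "${glibc}/include"
-substituteInPlace common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
-substituteInPlace common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
-substituteInPlace common/Make.rules --replace "cpp -dM" "cpp -dM -I${glibc}/include"
+prePatchCommon = ''
+substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
+substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
+substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
+substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
+'';
+
+libapparmor = stdenv.mkDerivation {
+name = "libapparmor-${apparmor-version}";
+src = apparmor-sources;
+
+buildInputs = [
+autoconf
+automake
+autoreconfHook
+bison
+flex
+glibc
+libtool
+perl
+pkgconfig
+python27Packages.python
+swig
+which
+];
+
+# required to build apparmor-parser
+dontDisableStatic = true;
+
+prePatch = prePatchCommon + ''
+substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
+substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
+'';
+
+postPatch = "cd ./libraries/libapparmor";
+configureFlags = "--with-python --with-perl";
+
+meta = apparmor-meta "library";
+};
+
+apparmor-utils = stdenv.mkDerivation {
+name = "apparmor-utils-${apparmor-version}";
+src = apparmor-sources;
+
+buildInputs = [
+perl
+python27Packages.python
+python27Packages.readline
+libapparmor
+makeWrapper
+which
+];
+
+prePatch = prePatchCommon;
+postPatch = "cd ./utils";
+makeFlags = ''LANGS='';
+installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX='';
+
+postInstall = ''
+for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
+wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH"
+done
+
+for prog in aa-exec aa-notify ; do
+wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB"
+done
+'';
+
+meta = apparmor-meta "user-land utilities";
+};
+
+apparmor-parser = stdenv.mkDerivation {
+name = "apparmor-parser-${apparmor-version}";
+src = apparmor-sources;
+
+buildInputs = [
+libapparmor
+bison
+flex
+which
+];
 
-substituteInPlace parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
-substituteInPlace parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
-substituteInPlace parser/Makefile --replace "/usr/include/bits/socket.h" "${glibc}/include/bits/socket.h"
-substituteInPlace parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
-#substituteInPlace parser/utils/vim/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
+prePatch = prePatchCommon + ''
+substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
+substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
+substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
+## techdoc.pdf still doesn't build ...
+substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
+'';
+postPatch = "cd ./parser";
+makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include'';
+installFlags = ''DESTDIR=$(out) DISTRO=unknown'';
 
-# for some reason pdf documentation doesn't build
-substituteInPlace parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
+meta = apparmor-meta "rule parser";
+};
 
-substituteInPlace parser/tst/gen-xtrans.pl --replace "/usr/bin/perl" "${perl}/bin/perl"
-substituteInPlace parser/tst/Makefile --replace "/usr/bin/prove" "${perl}/bin/prove"
-substituteInPlace parser/tst/Makefile --replace "./caching.sh" "${bash}/bin/bash ./caching.sh"
-'';
+apparmor-pam = stdenv.mkDerivation {
+name = "apparmor-pam-${apparmor-version}";
+src = apparmor-sources;
 
-patches = ./capability.patch;
+buildInputs = [
+libapparmor
+pam
+pkgconfig
+which
+];
 
-buildPhase =''
-PERL5LIB=$PERL5LIB:$out/lib/perl5/site_perl:$out/lib
+postPatch = "cd ./changehat/pam_apparmor";
+makeFlags = ''USE_SYSTEM=1'';
+installFlags = ''DESTDIR=$(out)'';
 
-cd libraries/libapparmor
-./autogen.sh
-./configure --prefix=$out --with-perl # see below
-make
-make check
-make install
-mkdir -p $out/lib/perl5/site_perl/
-cp swig/perl/LibAppArmor.pm $out/lib/perl5/site_perl/
-cp swig/perl/LibAppArmor.bs $out/lib/perl5/site_perl/
-# this is automatically copied elsewhere....
+meta = apparmor-meta "PAM service";
+};
 
-cd ../../utils
-make
-make install DESTDIR=$out BINDIR=$out/bin VENDOR_PERL=/lib/perl5/site_perl
+apparmor-profiles = stdenv.mkDerivation {
+name = "apparmor-profiles-${apparmor-version}";
+src = apparmor-sources;
 
-cd ../parser
-make
-make install DESTDIR=$out DISTRO=unknown
+buildInputs = [ which ];
 
-# cd ../changehat/mod_apparmor
-# make # depends on libapparmor having been built first
-# make install
+postPatch = "cd ./profiles";
+installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles'';
 
-cd ../changehat/pam_apparmor
-make # depends on libapparmor having been built first
-make install DESTDIR=$out
+meta = apparmor-meta "profiles";
+};
 
-cd ../../profiles
-LD_LIBRARY_PATH=$out/lib make
-#LD_LIBRARY_PATH=$out/lib make check # depends on the parser having been built first
-make install DESTDIR=$out
+apparmor-kernel-patches = stdenv.mkDerivation {
+name = "apparmor-kernel-patches-${apparmor-version}";
+src = apparmor-sources;
 
-cd ..
-cp -r kernel-patches $out
-'';
+phases = ''unpackPhase installPhase'';
 
-installPhase = let
-perlVersion = (builtins.parseDrvName perl.name).version;
-in ''
-for i in $out/bin/*; do
-wrapProgram $i --prefix PERL5LIB : \
-"$PERL5LIB:$out/lib/perl5/${perlVersion}/${stdenv.system}-thread-multi/"
-done
-'';
+installPhase = ''
+mkdir "$out"
+cp -R ./kernel-patches "$out"
+'';
 
-meta = with stdenv.lib; {
-homepage = http://apparmor.net/;
-description = "Linux application security system";
-license = licenses.gpl2;
-maintainers = [ maintainers.phreedom maintainers.thoughtpolice ];
-platforms = platforms.linux;
+meta = apparmor-meta "kernel patches";
 };
-}
+
+in
 
+{
+inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
+apparmor-profiles apparmor-kernel-patches;
+}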
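Review bot: The rewritten libapparmor derivation no longer runs the upstream test suite: the old buildPhase called `make check` right after building the library, and the new expression relies on the default phases without setting `doCheck`. For a library that sits underneath the profile parser and the PAM module, I'd add `doCheck = true;` to libapparmor (assuming the suite passes in the build sandbox) so a broken build fails here rather than when profiles are loaded. Separately, both `wrapProgram` loops expand `$PYTHONPATH` / `$PERL5LIB` at build time and use `--prefix`, so the caller's own module search path is still consulted after the store paths by tools that are usually run as root; `--set` with only the store paths would be tighter if nothing else is needed.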
+6 -12
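--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9291,18 +9291,12 @@
 
 microcodeIntel = callPackage ../os-specific/linux/microcode/intel.nix { };
 
-apparmor = callPackage ../os-specific/linux/apparmor {
-inherit (perlPackages) LocaleGettext TermReadKey RpcXML;
-bison = bison2;
-perl = perl516; # ${perl}/.../CORE/handy.h:124:34: error: 'bool' undeclared
-};
-
-apparmor_2_9 = callPackage ../os-specific/linux/apparmor/2.9 { };
-libapparmor = apparmor_2_9.libapparmor;
-apparmor-pam = apparmor_2_9.apparmor-pam;
-apparmor-parser = apparmor_2_9.apparmor-parser;
-apparmor-profiles = apparmor_2_9.apparmor-profiles;
-apparmor-utils = apparmor_2_9.apparmor-utils;
+apparmor = callPackage ../os-specific/linux/apparmor { swig = swig2; };
+libapparmor = apparmor.libapparmor;
+apparmor-pam = apparmor.apparmor-pam;
+apparmor-parser = apparmor.apparmor-parser;
+apparmor-profiles = apparmor.apparmor-profiles;
+apparmor-utils = apparmor.apparmor-utils;
 
 atop = callPackage ../os-specific/linux/atop { };
 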
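Review bot: `apparmor` changes here from a single derivation to an attribute set, and `apparmor_2_9` disappears without an alias, so anything outside this diff that still uses `pkgs.apparmor` as a package or refers to `apparmor_2_9.*` will stop evaluating. No consumer is touched in this commit, so the NixOS AppArmor module and any other callers are worth checking, since a module that cannot find the parser would leave profiles unloaded. `apparmor-kernel-patches` is built by the new expression but, unlike its siblings, gets no top-level attribute; if that is intentional, a comment such as `# kernel patches are only reachable as apparmor.apparmor-kernel-patches` would save the next reader a search.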